Cybersecurity incidents related to MOVEit Transfer attacks continue to surface, with the latest one being Pôle emploi, France’s governmental agency for unemployment registration and financial aid.

Disclosing this incident, Pôle emploi said the breach was the result of one of their service providers but limited to only the full names and security numbers. While other sensitive data was not affected, the agency asked the affected people to be vigilant about suspicious communications.

Leaking the Unemployed French Citizens Data

Pôle emploi, France’s governmental unemployment agency, has this week disclosed a data breach incident caused by one of its service providers. Though it didn’t name who that service provider was, the agency noted;

“Job seekers registered in February 2022 and former users of the job center are potentially affected by this theft of personal data.”

While it didn’t mention how many people were affected by this breach, Le Parisien noted the estimate to be 10 million people, based on the 6 million people registered in one of Pôle emploi’s 900 job centres by February 2022 and another 4 million in the previous 12 months before the attack.

Leaked data includes the full names and social security numbers of the registered people, while their email addresses, phone numbers, passwords, and banking data are not retained in the incident. Yet, the agency advises the affected individuals to be cautious about incoming communications.

It has also set up a dedicated phone support line to address any concerns the affected people may have and is in the process of setting up additional security measures. Clarifying that the incident does not impact its financial aid programs, the agency asks the job seekers to access the online employment portal confidently as before.

Emsisoft stated that Pôle emploi is one of the many victims of MOVEit Transfer supply chain attacks. However, the Clop ransomware (the one behind MOVEit attacks) hasn’t added the agency to its victims list.